.. _access_list: access-list =========== Configure Access List access-list Specification ------------------------- ===================================== ==================================================== **Parameter** **Value** ===================================== ==================================================== **Type** *Intermediate Resource* **Element Name** access-list **Element URI** /axapi/v3/access-list **Element Attributes** access-list_attributes **Partition Visibility** shared **Schema** :download:`access-list schema ` ===================================== ==================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Get Object .. raw:: html GET .. raw:: html /axapi/v3/access-list .. raw:: html access-list_attributes .. raw:: html
.. _136_access-list_attributes: access-list attributes ---------------------- **extended-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/access-list/extended/{extd} ` **ipv4** **Description:** ipv4 is a **JSON Block**. Please see below for :ref:`136_ipv4` **Type:** Object **Reference Object:** :doc:`/axapi/v3/access-list/ipv4 ` **ipv6** **Description:** ipv6 is a **JSON Block**. Please see below for :ref:`136_ipv6` **Type:** Object **Reference Object:** :doc:`/axapi/v3/access-list/ipv6 ` **standard-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/access-list/standard/{std} ` **summary** **Description:** summary is a **JSON Block**. Please see below for :ref:`136_summary` **Type:** Object **Reference Object:** :doc:`/axapi/v3/access-list/summary ` .. _136_extended-list: extended-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **extd** **Description** IP extended access list **Type:** number **Range:** 100-199 **rules** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _136_extended-list_rules: extended-list_rules ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **acl-log** **Description** Log matches against this entry **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **any-code** **Description** Any ICMP code **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** any-code, icmp-code, and special-code are mutually exclusive **any-type** **Description** Any ICMP type **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** any-type, icmp-type, and special-type are mutually exclusive **dscp** **Description** DSCP **Type:** number **Range:** 1-63 **dst-any** **Description** Any destination host **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** dst-any,dst-host, dst-subnet, and dst-object-group are mutually exclusive **dst-eq** **Description** Match only packets on a given destination port (port number) **Type:** number **Range:** 1-65535 **Mutual Exclusion:** dst-eq,dst-gt, dst-lt, and dst-range are mutually exclusive **dst-gt** **Description** Match only packets with a greater port number **Type:** number **Range:** 1-65534 **Mutual Exclusion:** dst-gt,dst-eq, dst-lt, and dst-range are mutually exclusive **dst-host** **Description** A single destination host (Host address) **Type:** string **Format:** ipv4-address **Mutual Exclusion:** dst-host,dst-any, dst-subnet, and dst-object-group are mutually exclusive **dst-lt** **Description** Match only packets with a lesser port number **Type:** number **Range:** 2-65535 **Mutual Exclusion:** dst-lt,dst-eq, dst-gt, and dst-range are mutually exclusive **dst-mask** **Description** Destination Mask 0=apply 255=ignore **Type:** string **Format:** ipv4-rev-netmask **dst-object-group** **Description** Destination network object group name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-object-group,dst-any, dst-host, and dst-subnet are mutually exclusive **dst-port-end** **Description** Edning Destination Port Number **Type:** number **Range:** 1-65535 **dst-range** **Description** Match only packets in the range of port numbers (Starting Destination Port Number) **Type:** number **Range:** 1-65535 **Mutual Exclusion:** dst-range,dst-eq, dst-gt, and dst-lt are mutually exclusive **dst-subnet** **Description** Destination Address **Type:** string **Format:** ipv4-address **Mutual Exclusion:** dst-subnet,dst-any, dst-host, and dst-object-group are mutually exclusive **established** **Description** TCP established **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ethernet** **Description** Ethernet interface (Port number) **Type:** number **Format:** interface **extd-action** **Description** 'deny': Deny; 'permit': Permit; 'l3-vlan-fwd-disable': Disable L3 forwarding between VLANs; **Type:** string **Supported Values:** deny, permit, l3-vlan-fwd-disable **extd-remark** **Description** Access list entry comment (Notes for this ACL) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **extd-seq-num** **Description** Sequence number **Type:** number **Range:** 1-8192 **fragments** **Description** IP fragments **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **icmp** **Description** Internet Control Message Protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** icmp,tcp, udp, ip, and service-obj-group are mutually exclusive **icmp-code** **Description** ICMP code number **Type:** number **Range:** 0-254 **Mutual Exclusion:** icmp-code, any-code, and special-code are mutually exclusive **icmp-type** **Description** ICMP type number **Type:** number **Range:** 0-254 **Mutual Exclusion:** icmp-type, any-type, and special-type are mutually exclusive **ip** **Description** Any Internet Protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** ip,icmp, tcp, udp, and service-obj-group are mutually exclusive **service-obj-group** **Description** Service object group (Source object group name) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** service-obj-group,icmp, tcp, udp, and ip are mutually exclusive **special-code** **Description** 'frag-required': Code 4, fragmentation required; 'host-unreachable': Code 1, destination host unreachable; 'network-unreachable': Code 0, destination network unreachable; 'port-unreachable': Code 3, destination port unreachable; 'proto-unreachable': Code 2, destination protocol unreachable; 'route-failed': Code 5, source route failed; **Type:** string **Supported Values:** frag-required, host-unreachable, network-unreachable, port-unreachable, proto-unreachable, route-failed **Mutual Exclusion:** special-code, any-code, and icmp-code are mutually exclusive **special-type** **Description** 'echo-reply': Type 0, echo reply; 'echo-request': Type 8, echo request; 'info-reply': Type 16, information reply; 'info-request': Type 15, information request; 'mask-reply': Type 18, address mask reply; 'mask-request': Type 17, address mask request; 'parameter-problem': Type 12, parameter problem; 'redirect': Type 5, redirect message; 'source-quench': Type 4, source quench; 'time-exceeded': Type 11, time exceeded; 'timestamp': Type 13, timestamp; 'timestamp-reply': Type 14, timestamp reply; 'dest-unreachable': Type 3, destination unreachable; **Type:** string **Supported Values:** echo-reply, echo-request, info-reply, info-request, mask-reply, mask-request, parameter-problem, redirect, source-quench, time-exceeded, timestamp, timestamp-reply, dest-unreachable **Mutual Exclusion:** special-type, icmp-type, and any-type are mutually exclusive **src-any** **Description** Any source host **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** src-any,src-host, src-subnet, and src-object-group are mutually exclusive **src-eq** **Description** Match only packets on a given source port (port number) **Type:** number **Range:** 1-65535 **Mutual Exclusion:** src-eq,src-gt, src-lt, and src-range are mutually exclusive **src-gt** **Description** Match only packets with a greater port number **Type:** number **Range:** 1-65534 **Mutual Exclusion:** src-gt,src-eq, src-lt, and src-range are mutually exclusive **src-host** **Description** A single source host (Host address) **Type:** string **Format:** ipv4-address **Mutual Exclusion:** src-host,src-any, src-subnet, and src-object-group are mutually exclusive **src-lt** **Description** Match only packets with a lower port number **Type:** number **Range:** 2-65535 **Mutual Exclusion:** src-lt,src-eq, src-gt, and src-range are mutually exclusive **src-mask** **Description** Source Mask 0=apply 255=ignore **Type:** string **Format:** ipv4-rev-netmask **src-object-group** **Description** Network object group (Source network object group name) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-object-group,src-any, src-host, and src-subnet are mutually exclusive **src-port-end** **Description** Ending Port Number **Type:** number **Range:** 1-65535 **src-range** **Description** match only packets in the range of port numbers (Starting Port Number) **Type:** number **Range:** 1-65535 **Mutual Exclusion:** src-range,src-eq, src-gt, and src-lt are mutually exclusive **src-subnet** **Description** Source Address **Type:** string **Format:** ipv4-address **Mutual Exclusion:** src-subnet,src-any, src-host, and src-object-group are mutually exclusive **tcp** **Description** protocol TCP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** tcp,icmp, udp, ip, and service-obj-group are mutually exclusive **transparent-session-only** **Description** Only log transparent sessions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **trunk** **Description** Ethernet trunk (trunk number) **Type:** number **Format:** interface **udp** **Description** protocol UDP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** udp,icmp, tcp, ip, and service-obj-group are mutually exclusive **vlan** **Description** VLAN ID **Type:** number **Range:** 1-4094 .. _136_summary: summary ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _136_ipv4: ipv4 ^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _136_standard-list: standard-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **std** **Description** IP standard access list **Type:** number **Range:** 1-99 **stdrules** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _136_standard-list_stdrules: standard-list_stdrules ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'deny': Deny; 'permit': Permit; 'l3-vlan-fwd-disable': Disable L3 forwarding between VLANs; **Type:** string **Supported Values:** deny, permit, l3-vlan-fwd-disable **any** **Description** Any source host **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** any, host, and subnet are mutually exclusive **host** **Description** A single source host (Host address) **Type:** string **Format:** ipv4-address **Mutual Exclusion:** host, any, and subnet are mutually exclusive **log** **Description** Log matches against this entry **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **rev-subnet-mask** **Description** Network Mask 0=apply 255=ignore **Type:** string **Format:** ipv4-rev-netmask **seq-num** **Description** Sequence number **Type:** number **Range:** 1-8192 **std-remark** **Description** Access list entry comment (Notes for this ACL) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **subnet** **Description** Source Address **Type:** string **Format:** ipv4-address **Mutual Exclusion:** subnet, any, and host are mutually exclusive **transparent-session-only** **Description** Only log transparent sessions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _136_ipv6: ipv6 ^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters